Why credit bureau Experian has data on T-Mobile customers
NEW YORK — In the latest high-profile breach of a U.S. organization, hackers broke into Experian’s database of information on 15 million T-Mobile customers and potential customers. But what is Experian, and why does the credit bureau keep data on a wireless carrier’s customers?
Here’s a Q&A about what happened at Experian and what could happen next.
WHAT INFORMATION DOES EXPERIAN HAVE ON ME?
If you’ve applied for a credit card, mortgage, student loan or any financial product in the last three decades, Experian likely has some sort of data on you. The Consumer Financial Protection Bureau estimates Experian, Equifax and TransUnion hold records on more than 200 million Americans.
The data can be basic information like your address and birthdate. But if you’ve applied for credit, the agencies could know more about your financial situation than your parents or spouse do. They’ll have your Social Security number, all of the banks you have credit card accounts with, the limit on those cards and if you pay them down regularly. They can know your work history, if you’ve had any collections or court judgments against you or if you’ve ever defaulted on a loan.
WHY COLLECT THE INFORMATION?
Banks and other lenders need to know whether you’re a good borrower and pay your debts and would prefer to gather that information quickly and relatively cheaply. Credit agencies provide a storehouse of data that lenders can pull to make credit decisions. In turn, those lenders report their data back to the agencies so other lenders to have access to more data.
This ongoing database becomes known as a person’s credit report. The data can be further processed into what’s known as a credit score, which is a way of boiling down years of financial information into a “grade” that banks can look at to decide whether to lend to you or not.
WHY WAS EXPERIAN COLLECTING AND HOLDING INFORMATION FOR T-MOBILE?
T-Mobile has to decide whether to allow a potential customer to open an account or to finance their newly purchased phone. Anyone applying for cell service, with some exceptions like a prepaid phone, needs to get a credit check before T-Mobile or other carriers approve service.
T-Mobile, which contracted out the credit check to Experian, says applicants from between September 1, 2013 and September 16, 2015 were affected.
WHAT INFORMATION WAS TAKEN? WHAT SHOULD I DO?
Names, addresses, Social Security numbers, birthdates and driver’s license numbers.
But Experian says the T-Mobile consumer data and its consumer credit database – the credit reports noted above – are housed on a separate server and those records were not exposed in the hack.
T-Mobile said affected consumers can sign up for two free years of credit monitoring services at www.protectmyID.com/securityincident, a service owned by Experian.
The offering of an Experian monitoring service led to protests on Twitter, and T-Mobile may announce other options for its consumers to protect their data. CEO Legere said on Twitter that contracting out Experian was the fastest way to protect customers’ data, but they are working on providing an alternative.
WHO REGULATES THE CREDIT AGENCIES?
The federal regulator of Experian, TransUnion, Equifax and the other smaller credit agencies is the Consumer Financial Protection Bureau.
The CFPB, which was created after the 2008 financial crisis, started regulating credit agencies in September 2012. It was the first time a federal agency had weighed in on the industry.
WILL THERE BE ANY CONSEQUENCES FOR EXPERIAN?
It is too soon to tell. The CFPB, in a statement, said they “are concerned about the recent breach of consumer information” and will be monitoring the situation. Experian could face fines and possible increased regulatory scrutiny as well if it is found liable for how the breach occurred.
And T-Mobile could stop using Experian. In a letter to customers, T-Mobile CEO John Legere had said that he was “incredibly angry” about the breach and that the company would review its relationship with Experian.